International Application No.
Name of receiving Office and "PCT International Application"



Name and address: (Family name followed by given name; for a legal entity, full official designation.
The address must include postal code and name of country. The country of the address indicated in this
Box is the applicant's State (that is, country) of residence if no State of residence is indicated below.)

INFRAWORKS CORPORATION 

504 Lavaca Street 

Suite 1100 

Austin, Texas 78701 
Applicant's or agent's file reference (if desired) (12 characters maximum): 1237-PCT-00



Box No. I TITLE OF INVENTION 

METHOD AND SYSTEM FOR PROVIDING DATA SECURITY USING FILE SPOOFING 



Box No. II APPLICANT



| | This person is also inventor. 



Telephone No. 



Facsimile No. 



Teleprinter No. 



State (that is, country) of nationality: 
US 


State (that is, country) of residence: 
US 


This person is applicant for the purposes of:
| | all designated States
|X| all designated States except the United States of America
| | the United States of America only
| | the States indicated in the Supplemental Box


Box No. III FURTHER APPLICANT(S) AND/OR (FURTHER) INVENTOR(S)



FRIEDMAN, George 
7109 Montana Norte 
Austin, Texas 78731 
US 


This person is: 

| | applicant only 

applicant and inventor 

| | inventor only (If this check-box 
is marked, do not fill in below.) 


State (that is, country) of nationality: 
US 


State (that is, country) of residence: 
US 




|X| Further applicants and/or (further) inventors are indicated on a continuation sheet.


Box No. IV AGENT OR COMMON REPRESENTATIVE; OR ADDRESS FOR CORRESPONDENCE 


The person identified below is hereby/has been appointed to act on behalf of the applicant(s) before the competent International Authorities as: |X| agent | | common representative


Name and address: (Family name followed by given name; for a legal entity, full official 
designation. The address must include postal code and name of country.) 


Telephone No. 
215-751-2475 


SCHNADER HARRISON SEGAL & LEWIS LLP 
1600 Market Street - Suite 3600
Philadelphia, Pennsylvania 19103-7286 
US 




Facsimile No. 
215-568-2658 


Teleprinter No. 


| | Address for correspondence: Mark this check-box where no agent or common representative is/has been appointed and the space above is used instead to indicate a special address to which correspondence should be sent.
Continuation of Box No. III FURTHER APPLICANTS AND/OR (FURTHER) INVENTOR(S)


If none of the following sub-boxes is used, this sheet is not to be included in the request. 



STAREK, Robert Phillip
3609 Del Robtes
Austin, Texas 78727
US

This person is:
| | applicant only
|X| applicant and inventor
| | inventor only (If this check-box is marked, do not fill in below.)

State (that is, country) of nationality: US
State (that is, country) of residence: US

This person is applicant for the purposes of:
| | all designated States
| | all designated States except the United States of America
|X| the United States of America only
| | the States indicated in the Supplemental Box



MURDOCK, Carlos
4517 Avenue F
Austin, Texas 78751
US

This person is:
| | applicant only
|X| applicant and inventor
| | inventor only (If this check-box is marked, do not fill in below.)

State (that is, country) of nationality: US
State (that is, country) of residence: US

This person is applicant for the purposes of:
| | all designated States
| | all designated States except the United States of America
|X| the United States of America only
| | the States indicated in the Supplemental Box


Box No. V DESIGNATION OF STATES

The following designations are hereby made under Rule 4.9(a) (mark the applicable check-boxes; at least one must be marked):

Regional Patent

|X| AP ARIPO Patent: GH Ghana, GM Gambia, KE Kenya, LS Lesotho, MW Malawi, SD Sudan, SL Sierra Leone, SZ Swaziland, TZ United Republic of Tanzania, UG Uganda, ZW Zimbabwe, and any other State which is a Contracting State of the Harare Protocol and of the PCT

|X| EA Eurasian Patent: AM Armenia, AZ Azerbaijan, BY Belarus, KG Kyrgyzstan, KZ Kazakhstan, MD Republic of Moldova, RU Russian Federation, TJ Tajikistan, TM Turkmenistan, and any other State which is a Contracting State of the Eurasian Patent Convention and of the PCT

|X| EP European Patent: AT Austria, BE Belgium, CH and LI Switzerland and Liechtenstein, CY Cyprus, DE Germany, DK Denmark, ES Spain, FI Finland, FR France, GB United Kingdom, GR Greece, IE Ireland, IT Italy, LU Luxembourg, MC Monaco, NL Netherlands, PT Portugal, SE Sweden, and any other State which is a Contracting State of the European Patent Convention and of the PCT

|X| OA OAPI Patent: BF Burkina Faso, BJ Benin, CF Central African Republic, CG Congo, CI Côte d'Ivoire, CM Cameroon, GA Gabon, GN Guinea, GW Guinea-Bissau, ML Mali, MR Mauritania, NE Niger, SN Senegal, TD Chad, TG Togo, and any other State which is a member State of OAPI and a Contracting State of the PCT (if other kind of protection or treatment desired, specify on dotted line)

National Patent (if other kind of protection or treatment desired, specify on dotted line):

AE United Arab Emirates, AL Albania, AM Armenia, AT Austria, AU Australia, AZ Azerbaijan, BA Bosnia and Herzegovina, BB Barbados, BG Bulgaria, BR Brazil, BY Belarus, CA Canada, CH and LI Switzerland and Liechtenstein, CN China, CR Costa Rica, CU Cuba, CZ Czech Republic, DE Germany, DK Denmark, DM Dominica, EE Estonia, ES Spain, FI Finland, GB United Kingdom, GD Grenada, GE Georgia, GH Ghana, GM Gambia, HR Croatia, HU Hungary, ID Indonesia, IL Israel, IN India, IS Iceland, JP Japan, KE Kenya, KG Kyrgyzstan, KP Democratic People's Republic of Korea, KR Republic of Korea, KZ Kazakhstan, LC Saint Lucia, LK Sri Lanka, LR Liberia, LS Lesotho, LT Lithuania, LU Luxembourg, LV Latvia, MA Morocco, MD Republic of Moldova, MG Madagascar, MK The former Yugoslav Republic of Macedonia, MN Mongolia, MW Malawi, MX Mexico, NO Norway, NZ New Zealand, PL Poland, PT Portugal, RO Romania, RU Russian Federation, SD Sudan, SE Sweden, SG Singapore, SI Slovenia, SK Slovakia, SL Sierra Leone, TJ Tajikistan, TM Turkmenistan, TR Turkey, TT Trinidad and Tobago, TZ United Republic of Tanzania, UA Ukraine, UG Uganda, US United States of America, UZ Uzbekistan, VN Viet Nam, YU Yugoslavia, ZA South Africa, ZW Zimbabwe

Check-boxes reserved for designating States which have become party to the PCT after issuance of this sheet: | | | |




Precautionary Designation Statement: In addition to the designations made above, the applicant also makes under Rule 4.9(b) all 
other designations which would be permitted under the PCT except any designation(s) indicated in the Supplemental Box as being 
excluded from the scope of this statement. The applicant declares that those additional designations are subject to confirmation and 
that any designation which is not confirmed before the expiration of 15 months from the priority date is to be regarded as withdrawn by 
the applicant at the expiration of that time limit. (Confirmation (including fees) must reach the receiving Office within the 15-month time limit.) 
Supplemental Box

Continuation of Box IV: 
Christenbury, T. Daniel 
Donatiello, Guy T. 
Taufer, Paul A. 
Drobile, James A. 
Miller, Austin R. 
Weiser, Gerard J. 
Kluger, Joan T. 
Patane, Michael A. 
McKinley, Robert A. 
Fenick, Sharon 
Wiener, Stewart M. 
Rowe, Felicity E. 

All of the above are members of the firm of Schnader, Harrison, Segal 
& Lewis, LLP, at the address in Box IV. 
PRIORITY CLAIM

| | Further priority claims are indicated in the Supplemental Box.

Columns: Filing date of earlier application (day/month/year); Number of earlier application; Where earlier application is: national application: country / regional application:* regional Office / international application: receiving Office

item (1): 01 October 1999 (01.10.99); 60/157,472; national application, country: US
item (2): 25 May 2000 (25.05.00); 60/206,947; national application, country: US
item (3):

The receiving Office is requested to prepare and transmit to the International Bureau a certified copy of the earlier application(s) (only if the earlier application was filed with the Office which for the purposes of the present international application is the receiving Office) identified above as item(s): 1 and 2

* Where the earlier application is an ARIPO application, it is mandatory to indicate in the Supplemental Box at least one country party to the Paris Convention for the Protection of Industrial Property for which that earlier application was filed (Rule 4.10(b)(ii)). See Supplemental Box.



Box No. VII INTERNATIONAL SEARCHING AUTHORITY 



Choice of International Searching Authority (ISA) (if two or more International Searching Authorities are competent to carry out the international search, indicate the Authority chosen; the two-letter code may be used): ISA/US



Request to use results of earlier search; reference to that search (if an earlier 
search has been carried out by or requested from the International Searching Authority): 

Date (day/month/year) Number Country (or regional Office) 



Box No. VIII CHECK LIST: LANGUAGE OF FILING

This international application contains the following number of sheets:
request: 5
description (excluding sequence listing part): 9
claims: 5
abstract: 1
drawings: 3
sequence listing part of description: 0
Total number of sheets: 23







This international application is accompanied by the item(s) marked below: 



Figure of the drawings which should accompany the abstract: 1

Language of filing of the international application: English


Box No. IX SIGNATURE OF APPLICANT OR AGENT 



Next to each signature, indicate the name of the person signing and the capacity in which the person signs (if such capacity is not 
obvious from reading the request). 



Paul A 



Esq. 



1. 526 Rec'd PCT/PTO 29 SEP 2000


2. Drawings: 


3. Corrected date of actual receipt due to later but 
timely received papers or drawings completing the 
purported international application: 


| | received: 


4. Date of timely receipt of the required 
corrections under PCT Article 1 1(2): 


| | not received: 


5. International Searching Authority (if two or more are competent): US


6. | | Transmittal of search copy delayed until search fee is paid.





For International Bureau use only 



Date of receipt of the record copy 
by the International Bureau: 
PCT

FEE CALCULATION SHEET
Annex to the Request

Applicant's or agent's file reference: 1237-PCT-00

For receiving Office use only
International application No.: PCT/US 00/26858
Date stamp of the receiving Office: 29 SEP 2000

Applicant: INFRAWORKS CORPORATION

CALCULATION OF PRESCRIBED FEES

1. TRANSMITTAL FEE: 240.00 (T)

2. SEARCH FEE: 450.00 (S)
International search to be carried out by: USPTO
(If two or more International Searching Authorities are competent in relation to the international application, indicate the name of the Authority which is chosen to carry out the international search.)

3. INTERNATIONAL FEE
Basic Fee
The international application contains 23 sheets.
first 30 sheets: 427.00 (b1)
remaining sheets x additional amount: 0 x $10.00 = 0.00 (b2)
Add amounts entered at b1 and b2 and enter total at B: 427.00 (B)

Designation Fees
The international application contains 83 designations.
number of designation fees payable (maximum 8) x amount of designation fee: 8 x 92.00 = 736.00 (D)

Add amounts entered at B and D and enter total at I: 1,163.00 (I)
(Applicants from certain States are entitled to a reduction of 75% of the international fee. Where the applicant is (or all applicants are) so entitled, the total to be entered at I is 25% of the sum of the amounts entered at B and D.)

4. FEE FOR PRIORITY DOCUMENT (if applicable): 30.00 (P)

5. TOTAL FEES PAYABLE
Add amounts entered at T, S, I and P, and enter total in the TOTAL box: 1,883.00 (TOTAL)

| | The designation fees are not paid at this time.

MODE OF PAYMENT
| | authorization to charge deposit account (see below)
|X| cheque
| | postal money order
| | bank draft
| | cash
| | revenue stamps
| | coupons
| | other (specify):

DEPOSIT ACCOUNT AUTHORIZATION (this mode of payment may not be available at all receiving Offices)
The RO/US
| | is hereby authorized to charge the total fees indicated above to my deposit account.
(this check-box may be marked only if the conditions for deposit accounts of the receiving Office so permit) is hereby authorized to charge any deficiency or credit any overpayment in the total fees indicated above to my deposit account.
is hereby authorized to charge the fee for preparation and transmittal of the priority document to the International Bureau of WIPO to my deposit account.

Deposit Account No.: 13-3405
Date (day/month/year): 29 September 2000
PATENT COOPERATION TREATY

PCT 

INTERNATIONAL SEARCH REPORT 

(PCT Article 18 and Rules 43 and 44) 



Applicant's or agent's file reference: 1237-PCT-00

FOR FURTHER ACTION: see Notification of Transmittal of International Search Report (Form PCT/ISA/220) as well as, where applicable, item 5 below.

International application No.: PCT/US00/26858

International filing date (day/month/year): 29 SEPTEMBER 2000

(Earliest) Priority Date (day/month/year): 01 OCTOBER 1999

Applicant: INFRAWORKS CORPORATION

This International Search Report has been prepared by this International Searching Authority and is transmitted to the applicant according to Article 18. A copy is being transmitted to the International Bureau.

This international search report consists of a total of / .. sheets.

|X| It is also accompanied by a copy of each prior art document cited in this report.



1. Basis of the report 

a. With regard to the language, the international search was carried out on the basis of the international application in the 
language in which it was filed, unless otherwise indicated under this item. 

| | the international search was carried out on the basis of a translation of the international application furnished to this Authority (Rule 23.1(b)).

b. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search 
was carried out on the basis of the sequence listing: 

contained in the international application in written form. 

filed together with the international application in computer readable form, 
furnished subsequently to this Authority in written form, 
furnished subsequently to this Authority in computer readable form. 

the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

the statement that the information recorded in computer readable form is identical to the written sequence listing has been
furnished.

2. | | Certain claims were found unsearchable (See Box I). 

3. | | Unity of invention is lacking (See Box II). 

4. With regard to the title, 

| x| the text is approved as submitted by the applicant. 

| | the text has been established by this Authority to read as follows:

5. With regard to the abstract,

| | the text is approved as submitted by the applicant.

|X| the text has been established, according to Rule 38.2(b), by this Authority as it appears in
Box III. The applicant may, within one month from the date of mailing of this international
search report, submit comments to this Authority.

6. The figure of the drawings to be published with the abstract is Figure No. S. 

| | as suggested by the applicant. | | None of the figures. 

| | because the applicant failed to suggest a figure. 

| x| because this figure better characterizes the invention. 






Box III TEXT OF THE ABSTRACT (Continuation of item 5 of the first sheet) 



NEW ABSTRACT 



A method for providing data security in a device for accessing data. The device
driver detects a file system request (210), completes the file system request, and
receives return information from the file system request. The device driver (211)
further determines whether the file system request is for a tag file associated with a
secured file; and if so, modifies (212) the return information to reflect a file
attribute of the secured file.



Form PCT/ISA/210 (continuation of first sheet(2)) (July 1998)* 






A. CLASSIFICATION OF SUBJECT MATTER 

IPC(7): G06F 11/00; 11/30

US CL: 707/9, 101; 713/193, 200; 709/227
According to International Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols)
U.S.: 707/9, 101; 713/193, 200; 709/227



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practicable, search terms used) 
Please See Extra Sheet. 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category*; Citation of document, with indication, where appropriate, of the relevant passages; Relevant to claim No.

US 5,931,947 A (BURNS et al.) 03 August 1999, col. 6, lines 18-42, col. 11, lines 14-45. Relevant to claim No.: 1-34

US 5,892,903 A (KLAUS) 06 April 1999, col. 11, lines 15-31, col. 12, lines 28-38. Relevant to claim No.: 1-34

US 5,694,580 A (NARITA et al.) 02 December 1997, col. 6, lines 45-67, col. 9, lines 38-65. Relevant to claim No.: 1-34



| | Further documents are listed in the continuation of Box C. Q See patent family annex.

* Special categories of cited documents:

document defining the general state of the art which is not considered to be of particular relevance

earlier document published on or after the international filing date

document which may throw doubts on priority claim(s) or which is cited to establish the publication date of another citation or other special reason (as specified)

"O" document referring to an oral disclosure, use, exhibition or other

"P" document published prior to the international filing date but later than the priority date claimed

later document published after the international filing date or priority date and not in conflict with the application but cited to understand the principle or theory underlying the invention

document of particular relevance; the claimed invention cannot be considered novel or cannot be considered to involve an inventive step when the document is taken alone

document of particular relevance; the claimed invention cannot be considered to involve an inventive step when the document is combined with one or more other such documents, such combination being obvious to a person skilled in the art

document member of the same patent family



Date of the actual completion of the international search 



15 DECEMBER 2000 



Date of mailing of the international search report 



aft J AN am 



Name and mailing address of the ISA/US 
Commissioner of Patents and Trademarks 
Box PCT 

Washington, D.C. 20231 
Facsimile No. (703) 305-0040 



Authorized officer: GAIL HAYES



Telephone No. (703) 305-0042 
METHOD AND SYSTEM FOR PROVIDING DATA SECURITY USING FILE SPOOFING

Field of the Invention 

The present invention pertains to the field of file systems in electronic computers. In particular, the invention relates to a method and system for providing data security using file spoofing.

Background of the Invention 

Data security is a serious concern of computer users and owners of intellectual property. It is increasingly common to use measures such as encryption to secure data files, to protect data from loss or unauthorized activity.

Computer systems typically include one or more local or networked data storage devices. A typical application program executing on such a computer system accesses such data storage devices by calling standard file system services provided by an operating system, such as services for creating, reading, and writing files on the data storage devices.

A device driver is a set of computer-implemented instructions that implements the device-specific aspects of generic input/output operations. In typical operating systems, software applications such as device drivers run in either "kernel mode" or "user mode." A virtual device driver is a type of device driver that has direct access to an operating system kernel, such as by running in kernel mode. "Kernel mode" is a highly privileged memory access mode of the processor. "User mode" is a less privileged memory access mode of the processor. The memory access mode is a part of the hardware state of the processor. The kernel mode privilege level is also known as "Ring 0," and the user mode privilege level is also known as "Ring 3." Kernel mode access allows the virtual device driver to interact with system and hardware resources at a very low level.

In conventional operating systems, device drivers may be represented as layered on top of one another. The layered architecture is also sometimes referred to as a stack or a calling chain. It is the lowest-level device driver that typically controls a hardware device. If there is only a single device driver above the hardware device, the driver is called a monolithic driver. However, a plurality of drivers may be placed above the lowest-level driver. Input and output requests ("I/O requests") to the hardware device or devices controlled by a lowest-level driver are handled first by the highest-level driver, then seriatim by any lower-level intermediate drivers, and finally by the lowest-level driver.

WO 01/25922 PCT/US00/26858

A file system driver is generally a highest-level driver, layered above a device driver for a data storage device such as a hard disk drive. The file system driver implements high-level aspects of I/O requests directed to the file system, such as requests to create, open, extend, and delete files and directories. A plurality of file system drivers may exist in a single computer, and file system drivers may be specific to different types of file systems, such as the FAT and NTFS file systems.

It is known in the art to monitor file I/O requests in operating systems having an installable file system manager and layered device drivers, such as the Windows 95®, Windows 98®, and Windows Me® operating systems available from Microsoft Corporation of Redmond, Washington, and collectively referred to herein as "Windows 9x." In Windows 9x operating systems, file system monitoring may be accomplished by registering a file system applications programming interface hook with the installable file system manager. Windows 9x provides a function called IFSMGR_InstallFileSystemApiHook which is designed to be used for monitoring I/O requests to a file system. This service allows virtual device drivers to monitor all file system activity by hooking into the file system calls. By means of a call during system initialization to IFSMGR_InstallFileSystemApiHook, a virtual device driver may insert itself onto the stack of all file system requests.

A somewhat different approach has been used to monitor file systems on object-oriented operating systems, such as the Windows NT® operating system and successor operating systems such as Windows 2000®, available from Microsoft Corporation of Redmond, Washington, and collectively referred to herein as "Windows NT." In Windows NT, I/O requests are described by data structures known as I/O Request Packets ("IRPs"), which are used for communication between software applications and drivers. All IRPs to hardware devices are handled by device drivers operating in kernel mode. High-level, intermediate, and low-level drivers exchange IRPs to complete a given I/O request. The lowest-level driver calls an NT layer known as the Hardware Access Layer (HAL) to gain direct control of the hardware. It is known on a Windows NT system to implement a file system monitor as a device driver object that creates filter device objects and attaches those objects to target file system device objects, so that the file system monitor will see all IRPs directed to the monitored data storage devices.

It is known to store secured files, such as encrypted files, alongside unsecured files in the 
same file system. The encrypted file appears in the file directory like any other file, with relevant 
file attributes such as name and size. However, the data contained in the file is unintelligible to 
user applications until decrypted. Furthermore, the encryption process is likely to result in the 
size of the file becoming larger or smaller than the original unencrypted data. In such a case, a 
request to the file system to determine the file size would not reliably return the actual size of the 
original data. From the user's point of view, this type of data security lacks the desirable feature 
of transparency. 

It is also known to store secured files in a special physical or virtual location apart from 
the ordinary file system. Such locations may include remote networked devices, encrypted or 
password-protected file systems, or other virtual secured file systems. This type of data security 
prevents the user from freely intermingling secured and unsecured files in a single file directory, 
even though the files may be logically related to one another. Although a user may set up, in the 
unsecured directory, symbolic links or shortcuts to secured files in another location, such an 
exercise for authorized persons adds an undesirable layer of obfuscation and effort to the process 
of conveniently accessing secured data. 



Summary of the Invention 

It is a principal object of the present invention to provide a more convenient way for users 
to obtain information in connection with secured data files or file systems. 

Another object of the present invention is to prevent unauthorized device drivers from 
obtaining information in connection with secured data files or file systems. 

These and other objects are provided by a method and system for providing data security 
using file spoofing. 

More particularly, the present invention relates to a method for providing data security in 
a device driver for accessing data. The device driver detects a file system request, completes the 
file system request, and receives return information from the file system request. The device 
driver further determines whether the file system request is for a tag file associated with a 
secured file; and if so, modifies the return information to reflect a file attribute of the secured 
file. 

In another aspect, the invention relates to a system for providing data security, the system 
comprising a device driver for accessing data. The device driver is operably installed in an 
operating system on an electronic computer. The device driver detects a file system request, 
completes the file system request, receives return information from the file system request, 
determines whether the file system request is for a tag file associated with a secured file; and if 
so, modifies the return information to reflect a file attribute of the secured file. 

In still another aspect, the invention comprises a machine-readable medium comprising a 
device driver program for accessing data. In yet another aspect, the invention comprises a 
computer-implemented device driver for accessing data. 

Further objects and advantages of this invention will become apparent from the detailed 
description of a preferred embodiment, which follows. 

Brief Description of the Drawings 

The present invention is described in further detail with reference to the accompanying 
drawings. The figures of the accompanying drawings illustrate the present invention by way of 
example and not limitation. 

FIG. 1 is a diagram of the system architecture layout of the Windows 9x operating system. 

FIG. 2 is a diagram of the system architecture layout of the Windows NT operating system. 

FIG. 3 is a flow chart illustrating an embodiment of the file spoofing method of the present 
invention. 

Detailed Description of Preferred Embodiments of the Invention 

The invention will be understood more fully from the detailed description given below, 
which, however, should not be taken to limit the invention to a specific embodiment, but is for 
explanation and understanding only. 

The terms "computer" or "computer system," as used herein, include any device capable 
of receiving, transmitting, and/or using information, including, without limitation, a processor; a 
microprocessor; a personal computer, such as a laptop, palm PC, desktop or workstation; a 
network server; a mainframe; an electronic wired or wireless device, such as for example, a 
telephone; an interactive television or electronic box attached to a television, such as for 
example, a television adapted to be connected to the Internet; a cellular telephone; a personal 
digital assistant; an electronic pager; and a digital watch. In an illustrative example, information 
is transmitted in the form of e-mail. A computer, computer system, or system of the invention 
may operate in communication with other systems over a network, such as, for example, the 
Internet, an intranet, or an extranet, or may operate as a stand-alone system. 

It should also be understood that the terms "device driver" or "driver," as used herein, 
include any computer-implemented instructions for directly or indirectly accessing or controlling 
hardware devices, including, without limitation, device drivers, virtual device drivers (VxDs), 
instructions using NT kernel mode architecture, instructions using Win32 driver model (WDM), 
and other instructions, in any computer language, directed to any computer, computer 
architecture, network, or operating system. 



The terms "information" and "data" as used herein are each intended to include the 
broadest definition of the other, and each include text, audio and video data. By way of further 
example, the term "information" can mean raw data, processed data, or a combination of raw and 
processed data. 

Although the embodiment illustrated in the figures comprises a device driver described 
for illustrative purposes as a "file system monitor," the term "file system monitor" as used herein 
refers generally to a device driver of any kind using the file spoofing of the present invention. 
Device drivers within the scope of the invention may perform any sort of useful function that 
may be performed by a device driver, including, without limitation, general-purpose monitoring, 
permission monitoring, filtering, encryption, decryption, virus detection, data mirroring, I/O 
functions directed toward any device, and other functions, and are not limited to either 
monitoring or to functions related to file systems. Any device driver which accomplishes file 
spoofing appropriately falls within the scope of the present invention. 

One embodiment of the present invention may be implemented on a Windows 9x 
operating system. Referring now to FIG. 1, components of the Windows 9x operating system are 
divided between user mode code 10 and kernel mode code 30, which provide different levels of 
system protection. For one embodiment, the user mode code 10 includes a system virtual 
machine 20 capable of running 16-bit and 32-bit software applications 21-22, and a plurality of 
MS-DOS virtual machines 25. In this embodiment, the kernel mode code 30 comprises 
low-level operating system services and virtual device drivers, such as a virtual machine manager 40, 
a file system monitor 50 of the present invention, and an installable file system manager 60. 

Beneath the installable file system manager 60 are a plurality of file system drivers 70-72 
for file systems such as FAT and NTFS. Beneath the file system drivers 70-72 is a block I/O 
subsystem 80. The block I/O subsystem 80 includes an I/O supervisor 81 which manages 
requests as they pass through the file system hierarchy, a monolithic driver 82 for port I/O, and a 
layered plurality of device drivers 83-84. 

In this embodiment, the first device driver 50 intercepts all I/O requests from user mode 
code 10 and from applications 21-22 running in user mode 10, before the I/O requests are sent to 
the installable file system manager 60. The first device driver 50 is able to monitor and, if 
desired, filter all file system activity occurring in the installable file system manager 60, file 
system drivers 70-72, and block I/O subsystem 80. By means of a call during system 
initialization to IFSMGR_InstallFileSystemApiHook, the first device driver 50 is hooked into 
such calls when the operating system is started or restarted, at which time it is inserted into a 
functionally uppermost position on the stack of all file system requests. From the installable file 
system manager 60 down through each driver in the layered plurality 83-84, an I/O request is 
passed from the highest level to the lowest level, and the devices can also view the result of a 
request as it passes back up the stack to the source of the I/O request. Each device driver on the 
stack may service an I/O request itself and not pass the I/O request to lower levels, or may, if 
desired, itself generate a new I/O request. Such device drivers may implement functions that 
require waiting, such as for an interrupt, or for a device to become available. During such 
waiting periods the device driver simply returns to its caller, allowing the calling application or 
device driver to perform other work in parallel with the I/O request. In the alternative, the calling 
application or device driver can simply wait ("block") until the I/O request is complete. 

In another embodiment, illustrated with reference to FIG. 2, the present invention may be 
implemented on a Windows NT operating system. As is well known in the art, an application 
100 running in user mode under Windows NT may send an I/O request to operating system 
services 110. I/O manager 120 receives I/O requests, and coordinates the transfer of I/O request 
packets among various drivers. In the alternative, the various drivers may communicate directly 
with each other without using an I/O manager 120 or other device to coordinate transfer of 
information among the various drivers. 

The conventional input/output system of operating systems such as Windows NT 
comprises a plurality of device drivers 130-132 for processing I/O requests. Such device drivers 
are illustrated, for example, by file system drivers 130, and a layered plurality of device drivers 
131-132. The I/O manager 120 typically delivers I/O request packets to the file system driver 
130 responsible for managing the target of the I/O request. However, as is known in the art, a 
file system monitor 50 can attach to other device drivers 130-132 in an object-oriented fashion. 
Thereupon, the I/O manager 120 routes I/O request packets intended for the target device driver 
130-132 to the file system monitor 50 that has attached to the target device driver 130-132. In 
this illustrative embodiment, the file system monitor 50 attaches to each of the plurality of file 
system driver objects 130. 



FIG. 3 is a flow chart of one embodiment of a method for providing data security in a file 
system monitor 50 using file spoofing. 

As shown in FIG. 3, the file spoofing process of the present invention is initiated, in step 
200, each time a file system request is detected. In step 210, the process determines whether or 
not the file system request involves a spoofed file. The determination of step 210 is performed 
for any file system request that specifies a named file as the object of the request. Such file 
system requests include FILE_OPEN to open a file, FILE_DELETE to delete a file, and 
FILE_RENAME to rename a file. In the Windows NT operating systems, such file system 
requests also include FILE_QUERY_INFORMATION to query file information, and 
FILE_SET_INFORMATION to set file information. Each of these calls requires a file name to 
be specified. In the determination of step 210, the specified file name is checked to determine 
whether the file is a spoofed file. 

A spoofed file is a file which has been secured by placing the data in a secured file 
location where such data is not readily accessible to the user, such as, by way of illustration and 
not limitation, a secure or encrypted virtual file system, while maintaining a tag file in a 
user-accessible part of the file system to serve as a placeholder. To save disk space, the tag file may 
be zero bytes in length. In one embodiment, from the point of view of the user, the tag file 
transparently appears to contain the secured data, and the file spoofing process will enable any 
file system request to reach the secured file location. 

To determine whether a file is a spoofed file, the process checks the file name against a 
database of all spoofed files, and if the file is a spoofed file, the process determines the secured 
file associated with the tag file. In an alternate embodiment, the process may rely on data stored 
in the tag file. 

If the determination of step 210 is that the file request involves a spoofed file, the process 
continues at step 211 and completes the file system request. In one embodiment, the process 
calls the next lower driver to complete the file system request for the tag file. In an alternate 
embodiment, the process rewrites the file system request to refer to the secured file instead of the 
tag file, and calls the next lower driver to complete the file system request for the secured file. 

The process continues at step 212 by modifying the information returned by the file 
system request. File attributes, such as file size, are part of the information returned by file 
system requests. The process removes selected file attributes of the tag file from the return 
information, and substitutes the corresponding file attributes of the secured file. For example, 
where the file size of a tag file is zero, the user will instead see the file size of the corresponding 
secured file. 

The process then concludes at step 240. 

Returning to step 210, if the determination of step 210 is that the file request does not 
involve a spoofed file, the process continues at step 220 and determines whether the file system 
request involves a directory call that may return a spoofed file. Such file system requests in 
Windows 9x include FIND_OPEN or FIND_FIRST to find a first matching file, and 
FIND_NEXT to find a next matching file. In the Windows NT operating systems, such file 
system requests include DIRECTORY_CONTROL, which provides a buffer of matching file 
names. 

If the determination of step 220 is that the file system request involves a directory call 
that may return a spoofed file, the process continues at step 221 and completes the file system 
request. In one embodiment, the process calls the next lower driver to complete the file system 
request for the tag file. In an alternate embodiment, the process rewrites the file system request 
to refer to the secured file instead of the tag file, and calls the next lower driver to complete the 
file system request for the secured file. 

The process continues at step 222 by determining whether the information returned by the 
file system request refers to any spoofed files. Requests to find a first matching file or a next 
matching file will each return a single file. A request to the Windows NT file system for 
directory control will return a buffer of file names, each of which must be considered. If no 
spoofed files are returned, the process concludes at step 240. 

If any spoofed files are returned, the process continues at step 225 by modifying the 
information returned by the file system request. File attributes, such as file size, are part of the 
information returned by file system requests. The process removes selected file attributes of the 
tag file from the return information, and substitutes the corresponding file attributes of the 
secured file. For example, where the file size of a tag file is zero, the user will instead see the file 
size of the corresponding secured file. The process then concludes at step 240. 

Returning to step 220, if the determination of step 220 is that the file system request does 
not involve a directory call that may return a spoofed file, the process continues at step 230 and 
completes the file system request, and concludes at step 240. 
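
The FIG. 3 flow can be modeled in user space as follows. This is an added example, not code from the application: the file names, sizes, the spoofed-file table and every function name are constructed for illustration, and the "next lower driver" is a stub array rather than a real file system.

```c
#include <stdio.h>
#include <string.h>

/* Constructed user-space model of FIG. 3; all names and sizes are illustrative. */
enum req_kind { REQ_QUERY_INFO, REQ_DIRECTORY };
struct file_info { const char *name; unsigned long size; };
struct spoof_entry { const char *tag_name; unsigned long secured_size; };

/* What the lower-level driver stores: two of the files are zero-byte tag files. */
static const struct file_info lower_fs[] = {
    { "notes.txt", 120 }, { "report.doc", 0 }, { "budget.xls", 0 },
};
/* Spoofed-file database: tag file name -> size of the associated secured file. */
static const struct spoof_entry spoof_db[] = {
    { "report.doc", 48213 }, { "budget.xls", 9120 },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static const struct spoof_entry *lookup_spoof(const char *name)
{
    size_t i;
    for (i = 0; i < COUNT(spoof_db); i++)
        if (strcmp(spoof_db[i].tag_name, name) == 0)
            return &spoof_db[i];
    return NULL;
}

/* Stub for the next lower driver: one record for a named query, all for a directory. */
static int lower_complete(enum req_kind kind, const char *name,
                          struct file_info *out, size_t cap)
{
    size_t i, n = 0;
    for (i = 0; i < COUNT(lower_fs) && n < cap; i++)
        if (kind == REQ_DIRECTORY || strcmp(lower_fs[i].name, name) == 0)
            out[n++] = lower_fs[i];
    return (kind == REQ_QUERY_INFO && n == 0) ? -1 : (int)n;
}

/* Steps 200-240: returns the number of records in out, or -1 on failure. */
int monitor_dispatch(enum req_kind kind, const char *name,
                     struct file_info *out, size_t cap)
{
    const struct spoof_entry *e;
    int i, n;
    if (out == NULL || cap == 0 || (kind == REQ_QUERY_INFO && name == NULL))
        return -1;
    if (kind == REQ_QUERY_INFO) {
        e = lookup_spoof(name);                  /* step 210 */
        n = lower_complete(kind, name, out, 1);  /* step 211, or 230 if e is NULL */
        if (n == 1 && e != NULL)
            out[0].size = e->secured_size;       /* step 212 */
        return n;
    }
    n = lower_complete(kind, NULL, out, cap);    /* steps 220-221 */
    for (i = 0; i < n; i++) {                    /* step 222: check every entry */
        e = lookup_spoof(out[i].name);
        if (e != NULL)
            out[i].size = e->secured_size;       /* step 225 */
    }
    return n;
}

/* Size a caller above the monitor sees for name, through either request kind. */
long visible_size(enum req_kind kind, const char *name)
{
    struct file_info buf[8];
    int i, n = monitor_dispatch(kind, name, buf, 8);
    for (i = 0; i < n; i++)
        if (strcmp(buf[i].name, name) == 0)
            return (long)buf[i].size;
    return -1;
}

int main(void)
{
    printf("report.doc via query: %ld\n", visible_size(REQ_QUERY_INFO, "report.doc"));
    printf("report.doc via directory: %ld\n", visible_size(REQ_DIRECTORY, "report.doc"));
    return 0;
}
```

Both request paths report the secured file's size for a tag file, while the size held by the lower layer stays zero; files absent from the spoofed-file table pass through unchanged.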

What have been described are only some examples of methods and systems according to 
the invention. Various modifications to the preferred embodiments will be readily apparent to 
those skilled in the art, and the generic principles defined herein may be applied to other 
embodiments and applications without departing from the spirit and scope of the invention. 
Thus, the present invention is not intended to be limited to the embodiments shown. On the 
contrary, it is to be understood that various and numerous other arrangements may be devised by 
one skilled in the art without departing from the spirit and scope of the invention as limited only 
by the accompanying claims. 

We claim: 

1. A method for providing data security in a device driver for accessing data, the method 
comprising the steps of: 

detecting a file system request; 

completing said file system request; 

receiving return information from said file system request; 

determining whether said file system request is for a tag file associated with a secured 
file; and 

if so, modifying said return information to reflect a file attribute of the secured file. 

2. The method of claim 1 wherein said file attribute is file size. 

3. The method of claim 1 wherein the step of determining further comprises the steps of: 

determining whether said return information identifies a plurality of tag files associated 
with a plurality of secured files; and 

if so, modifying said return information to reflect a file attribute of the plurality of 
secured files. 

4. The method of claim 1 wherein the secured file is stored in encrypted form. 

5. The method of claim 1 wherein the secured file is stored in a secure virtual file system. 

6. The method of claim 1 wherein the secured file is stored on a remote networked device. 

7. The method of claim 1 wherein the file system request is to open a file. 

8. The method of claim 1 wherein the file system request is to delete a file. 

9. The method of claim 1 wherein the file system request is to rename a file. 

10. The method of claim 1 wherein the file system request is to query file information. 

11. The method of claim 1 wherein the file system request is to set file information. 

12. The method of claim 3 wherein the file system request is to find a first matching file. 

13. The method of claim 3 wherein the file system request is to find a next matching file. 

14. The method of claim 3 wherein the file system request is directory control. 

15. A system for providing data security, the system comprising a device driver for accessing 
data, the device driver operably installed in an operating system on an electronic computer, 
wherein said device driver: 

detects a file system request; 

completes said file system request; 

receives return information from said file system request; 

determines whether said file system request is for a tag file associated with a secured file; 
and 

if so, modifies said return information to reflect a file attribute of the secured file. 

16. The system of claim 15 wherein said file attribute is file size. 

17. The system of claim 15 wherein said device driver further 

determines whether said return information identifies a plurality of tag files associated 
with a plurality of secured files; and 

if so, modifies said return information to reflect a file attribute of the plurality of secured 
files. 

18. The system of claim 15 wherein said first device driver is a file system monitor. 

19. The system of claim 15 wherein the secured file is stored in encrypted form. 

20. The system of claim 15 wherein the secured file is stored in a secure virtual file system. 

21. The system of claim 15 wherein the secured file is stored on a remote networked device. 

22. The system of claim 15 wherein the file system request is to open a file. 

23. The system of claim 15 wherein the file system request is to delete a file. 

24. The system of claim 15 wherein the file system request is to rename a file. 

25. The system of claim 15 wherein the file system request is to query file information. 

26. The system of claim 15 wherein the file system request is to set file information. 

27. The system of claim 17 wherein the file system request is to find a first matching file. 

28. The system of claim 17 wherein the file system request is to find a next matching file. 

29. The system of claim 17 wherein the file system request is directory control. 

30. A machine-readable medium comprising a device driver program for accessing data, said 
device driver program comprising: 

computer-implemented instructions for detecting a file system request; 

computer-implemented instructions for completing said file system request; 

computer-implemented instructions for receiving return information from said file system 
request; 

computer-implemented instructions for determining whether said file system request is 
for a tag file associated with a secured file; and 

computer-implemented instructions for modifying said return information to reflect a file 
attribute of the secured file, if said file system request is for a tag file associated with a secured 
file. 

31. The machine-readable medium of claim 30 wherein the device driver program further 
comprises: 

computer-implemented instructions for determining whether said return information 
identifies a plurality of tag files associated with a plurality of secured files; and 

computer-implemented instructions for modifying said return information to reflect a file 
attribute of the plurality of secured files, if said return information identifies a plurality of tag 
files associated with a plurality of secured files. 

32. A computer-implemented device driver for accessing data when operably installed in a 
computer operating system, said device driver comprising: 

means for detecting a file system request; 

means for completing said file system request; 

means for receiving return information from said file system request; 

means for determining whether said file system request is for a tag file associated with a 
secured file; and 

means for modifying said return information to reflect a file attribute of the secured file, 
if said file system request is for a tag file associated with a secured file. 

33. The computer-implemented device driver of claim 32 wherein said file attribute is file 
size. 

34. The computer-implemented device driver of claim 32 further comprising: 

means for determining whether said return information identifies a plurality of tag files 
associated with a plurality of secured files; and 

means for modifying said return information to reflect a file attribute of the plurality of 
secured files, if said return information identifies a plurality of tag files associated with a 
plurality of secured files. 